With the Compact on WiMAX firmware you have a GRE tunnel to an ASN
gateway appliance rather than the EPC appliance.
I think you'll find VPLS bridging to give you the least amount of
trouble with VPNs and such. In my opinion, don't do IPCS
bridging... it has some interesting administrative advantages over VPLS,
but it's unreliable.
If you do VPLS, there's no method in the BTS or ASN to stop a rogue DHCP
server, but I believe you can prevent that problem by adding a firewall
rule to each VPLS CPE. Alternatively you could put each VPLS client in
their own individual VLAN to give them layer 2 separation from each
other, but that obviously does not scale.
I don't know what platform you are coming from, Pjay, but WiMAX on the
Compact is buggy. I have used the Motorola CAP320 in the past, and more
recently the Alvarion Extreme. I'd say compared to either one the
Compact has half the usability and twice the problems. I think the main
reason to use it is that since it's dual mode you can use it to make a
relatively smooth transition to LTE.
-Adam
Per the subject line and e-mail contents, Pjay is not even using LTE,
but WiMAX. But that is confusing to me because I thought that WiMAX
did not require a GRE tunnel for L2, but could handle L2 natively. (I
have zero practical experience with WiMAX, though, so I'm probably
mistaken.)
I agree with the MSS clamping idea...SSL VPN should be TCP-based, so
it should respond to that UNLESS the other end of the VPN is doing
something unorthodox, such as forcibly upclamping the MSS while
simultaneously breaking path MTU discovery via excessive ICMP
filtering, the net effect of which would be that nobody with an MTU
lower than what *their* VPN concentrator is set to will be able to
successfully pass traffic to it. (I have seen it before...paranoid
network administrators can be guilty of some really dumb things.)
-- Nathan
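
A toy model of the failure mode described in the message above, added here as an illustration and not part of the original thread: it compares MSS clamping at the tunnel with a far end that overrides the MSS while ICMP "fragmentation needed" messages are filtered. The 1400-byte tunnel MTU, the hop names and the `make_path` and `transfer` functions are assumptions constructed for the example.

```python
"""Toy model of TCP MSS negotiation and path MTU discovery (PMTUD).
All hop names and MTU values are constructed for illustration."""

IP_TCP_HEADERS = 40  # IPv4 (20 bytes) + TCP (20 bytes), no options


def make_path(clamp_at_tunnel):
    """Client-to-server path with a reduced-MTU tunnel hop in the middle."""
    return [
        {"name": "client-lan", "mtu": 1500, "clamp": False},
        {"name": "tunnel", "mtu": 1400, "clamp": clamp_at_tunnel},
        {"name": "server-lan", "mtu": 1500, "clamp": False},
    ]


def transfer(client_mss, path, icmp_filtered, forced_mss=None):
    """Return (outcome, tcp_payload_bytes) for a full-size server-to-client segment."""
    # SYN travels client -> server; a clamping hop may only lower the MSS option.
    mss = client_mss
    for hop in path:
        if hop["clamp"]:
            mss = min(mss, hop["mtu"] - IP_TCP_HEADERS)
    # Far end ignores the advertised value and substitutes its own ("upclamping").
    if forced_mss is not None:
        mss = forced_mss
    # Server sends DF-marked packets and shrinks them only if ICMP
    # "fragmentation needed" messages make it back.
    pmtu = mss + IP_TCP_HEADERS
    while True:
        packet = min(mss + IP_TCP_HEADERS, pmtu)
        blocker = next((h for h in reversed(path) if h["mtu"] < packet), None)
        if blocker is None:
            return "delivered", packet - IP_TCP_HEADERS
        if icmp_filtered:
            return "black hole", packet - IP_TCP_HEADERS
        pmtu = blocker["mtu"]  # PMTUD: learn the smaller MTU and retry


if __name__ == "__main__":
    cases = [
        ("no clamp, ICMP allowed", make_path(False), False, None),
        ("no clamp, ICMP filtered", make_path(False), True, None),
        ("clamp, ICMP filtered", make_path(True), True, None),
        ("clamp, far end forces 1460, ICMP filtered", make_path(True), True, 1460),
    ]
    for label, path, filtered, forced in cases:
        print(f"{label}: {transfer(1460, path, filtered, forced)}")
```
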
From: [email protected] On Behalf Of Jeremy Austin
Sent: Thursday, June 23, 2016 11:35 AM
To: [email protected]
Subject: Re: [Telrad] Telrad WIMAX and SSLVPN (Juno Pulse)
On Wed, Jun 22, 2016 at 9:23 AM, Pjay Castro <[email protected]> wrote:
Has anyone seen this issue and has anyone overcome it other than
changing to a different technology for exceptions?
Have you tried MSS clamping upstream from the tunnel?
I ended up running my own L2 tunnel rather than Telrad's. Still stuck
with a smaller MTU, of course.
I'm also curious how other people are solving this issue until we can
get a 1500 byte LTE WAN MTU.
--
Jeremy Austin
(907) 895-2311
(907) 803-5422
[email protected]
Heritage NetWorks
Whitestone Power & Communications
Vertical Broadband, LLC
Schedule a meeting: http://doodle.com/jermudgeon
_______________________________________________
Telrad mailing list
[email protected]
http://lists.wispa.org/mailman/listinfo/telrad